This is a month or so old, but good reading. PWC research on global state of information security.
Net: High-level: Strategic priorities for the next year: 10 most common answers.
Disaster recovery/business continuity
Employee awareness programs
Overall information security strategy
Centralized security information management system
Periodic security audits
Monitoring security reports (log files, vulnerability reports and so on)
Spending on intellectual property protection